Using the Active Directory (LDAP Server) System

The following example uses object names and LDAP parameters as used in a Microsoft Active Directory system. When using an LDAP server other than Microsoft Active Directory, the LDAP server administrator must know the corresponding object names.

  1. Use Remote Desktop to access your Active Directory host (for example, to wadc-vm.iwaydev.ibi.com), and log on using your LDAP-Administrator user name and password.

    For example:

    • Username: Administrator
    • Password: (LDAP authorized Password)
  2. Click Start, select Administrative Tools, and then click Active Directory Users and Computers.
  3. Identify the corporate or privileged UserName and proceed to How to Create Groups in Active Directory.

    If you do not have a corporate UserName, you must create one by performing the following steps:

    1. From the Active Directory Navigation Bar on the left pane, right-click Users, select New, and click User.
    2. Enter the required information in the First name, Last Name, Full name, and User logon name fields, as shown in the following image.
    3. Click Next.
    4. Enter and confirm the password, clear the User must change password check box, and select the Password never expires check box.
    5. Click Next, and then click Finish.

Procedure: How to Create Groups in Active Directory

To create groups in the Active Directory, perform the following one-time steps:

  1. Right-click Users, select New, and then click Group.
  2. Enter the Group name or use the same name as your LDAP connection (for example, OGCUSERS).
  3. In the Group scope section, select the Global radio button.
  4. In the Group type section, select the Security radio button.
  5. Click OK.
  6. Repeat steps 1 - 5 for each of the following group names:
    • Data_Supervisor
    • Data_Steward
    • User
    • System_Administrator
  7. If your OmniGen Model includes the Customer subject, repeat steps 1 - 5 for each of the following group names:
    • domain.Customer
    • domain.CustomerMaster
  8. Repeat the two domain.group creations for each Mastered subject in your OmniGen Model.

    For example, if Subject = Vendors, then create the groups domain.Vendors and domain.VendorsMaster.

  9. Create the Supervisor and Steward Group(s).

    The hierarchical Supervisor and Steward Remediation Case resolution feature in OGC allows a Data_Steward to resolve a case, at which time the case is automatically reassigned to that Steward's Data_Supervisor for Approval and Closure.

    If you are not using this feature, proceed to step 10. Otherwise, if you will use the hierarchical Supervisor and Steward Remediation Case resolution feature in OGC, you must create an OGC-Org Group for each group by performing the following steps:

    1. Create a group (for example, group.OGCOrg1), as shown in the following image.
    2. Repeat the above step to create an AD group for each Data_Supervisor with Data_Steward(s) group (or team) that exists.
  10. Designate the user to be a member of the Omni Users Group whose members will be allowed to log on to OGC. For example, make the user a member of the OGCUSERS group.

    To designate a user:

    1. Right-click OGCUSERS, select Properties, and then click Members.
    2. Click Add.
    3. Enter the first name or Login ID into the Enter the object names to select field.
    4. Click Check Names, as shown in the following image.
    5. Click OK.
    6. Click Apply, then click OK.

      You can add the user to multiple groups by separating them with a semicolon, as shown in the following image.

  11. Within the Omni Users Group, designate a user to be a member of only one of the following three groups:
    • Data_Supervisor
    • Data_Steward
    • User
  12. If the user is to be an OGC_Administrator (and has the Administration tab on their own OGC menu), designate that user as a member of the System_Administrator group. Otherwise, proceed to the next step.
  13. Designate the user to be a member of both domain groups for each subject they can access.

    For example, designate them to be a member of domain.CustomerMaster for access to the Customer Master records, and a member of domain.Customer to grant access to Customer Instance records.

    For instance, if the user is to have access to Vendors, designate that user to be a member of domain.Vendors and of domain.VendorsMaster, and so on.

    Note: If you are using the Supervisor or Steward(s) groups, perform the following steps as many times as necessary.

    1. Designate only one Data_Supervisor (a user who is a member of the Data_Supervisor group) as a member of group.OGCOrg1.
    2. Designate all Data_Stewards who are supervised by the Data_Supervisor above as members of the Data_Supervisor's group (for example, as members of group.OGCOrg1).
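
The membership rules in steps 11 and 13 and in the Note are easy to get wrong when set by hand, so they are worth auditing after the groups are populated. The following PowerShell is an added example, not part of the product documentation. The function name Test-OgcMembership, the sample logon names, and the assumption that Supervisor/Steward groups are the ones named group.* are hypothetical.

```powershell
# Added example. $Groups maps group name -> member logon names. Against a live
# directory each entry could be filled with the ActiveDirectory module, e.g.:
#   $Groups[$name] = @((Get-ADGroupMember -Identity $name).SamAccountName)
function Test-OgcMembership {
    param(
        [hashtable]$Groups,
        [string]$UsersGroup = 'OGCUSERS',     # Omni Users Group name from the page
        [string[]]$Subjects = @('Customer')   # Mastered subjects in the model
    )
    $roles = 'Data_Supervisor', 'Data_Steward', 'User'
    $findings = @()
    foreach ($u in $Groups[$UsersGroup]) {
        # Step 11: exactly one of the three role groups.
        $held = @($roles | Where-Object { $Groups[$_] -contains $u })
        if ($held.Count -ne 1) {
            $findings += "${u}: in $($held.Count) role groups ($($held -join ', ')), expected 1"
        }
        # Step 13: both domain groups for a subject, never just one of them.
        foreach ($s in $Subjects) {
            $inInstance = $Groups["domain.$s"] -contains $u
            $inMaster   = $Groups["domain.${s}Master"] -contains $u
            if ($inInstance -ne $inMaster) {
                $findings += "${u}: in only one of domain.$s and domain.${s}Master"
            }
        }
    }
    # Note after step 13: one Data_Supervisor per Supervisor/Steward group.
    # Assumption: those groups are the ones named group.* (as in group.OGCOrg1).
    foreach ($org in @($Groups.Keys | Where-Object { $_ -like 'group.*' })) {
        $sup = @($Groups[$org] | Where-Object { $Groups['Data_Supervisor'] -contains $_ })
        if ($sup.Count -ne 1) {
            $findings += "${org}: $($sup.Count) Data_Supervisor members, expected 1"
        }
    }
    $findings
}

# Constructed sample data, not taken from a real directory.
$sample = @{
    'OGCUSERS'              = @('asmith', 'bjones', 'cdoe')
    'Data_Supervisor'       = @('asmith')
    'Data_Steward'          = @('bjones', 'cdoe')
    'User'                  = @('cdoe')             # cdoe holds two roles
    'domain.Customer'       = @('asmith', 'bjones', 'cdoe')
    'domain.CustomerMaster' = @('asmith', 'bjones') # cdoe lacks the Master group
    'group.OGCOrg1'         = @('bjones', 'cdoe')   # no supervisor assigned
}
Test-OgcMembership -Groups $sample
```

Pass every Mastered subject in the model through -Subjects so that each domain.Subject and domain.SubjectMaster pair is checked.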